Google was also able to bypass privacy settings on mobile Safari, which normally blocks cookies as well

Google was recently caught bypassing user privacy settings on Apple's browser, Safari, and also on Microsoft's Internet Explorer. But Google claims that it was just trying to get its +1 buttons to work on Safari, and that Internet Explorer's cookie policy was "widely non-operational."

Google was able to successfully get past Safari's browser settings for privacy, which attempts to block certain types of cookies. Safari accepts first-party cookies (the Web site the user is on) or second-party cookies (the user's browser), but blocks third-party cookies, which links the browser to an entirely different Web site. The mobile version of Safari, which can be found on iOS devices, has the ability to block all cookies or none at all.

Despite a user's privacy settings, Google and ad networks from Vibrant Media, PointRoll and Media Innovation Group were able to bypass this. They did so by making it look like the user visiting a Web site filled out a form of some sort (even if no form was presented to the user) and the companies would then get their cookies accepted. Google was also tracking user activity on the mobile version of Safari, meaning that iPhone, iPad and iPod touch users were being watched as well.

After The Wall Street Journal broke the story, Microsoft's Windows Internet Explorer Engineering Team wondered if Google was doing the same thing to Internet Explorer's users. As it turns out, it was.

"We've found that Google bypasses the P3P Privacy Protection feature in IE," said the Windows Internet Explorer Engineering Team Blog. "The result is similar to the recent reports of Google's circumvention of privacy protections in Apple's Safari Web browser, even though the actual bypass mechanism Google uses is different.

"By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site's use does not include tracking the user. Google's P3P policy causes Internet Explorer to accept Google's cookies even though the policy does not state Google's intent."

Google defended itself against the claims, saying that it never intended to track users on Safari or Internet Explorer. As far as Safari goes, it was just trying to get its +1 buttons to work. Browsers like FireFox, Chrome and Internet Explorer don't block third-party cookies by default, but Safari does. Therefore, Google bypassed the privacy settings to allow its +1 buttons on advertisements to be distributed through the AdSense network to other sites. Google also said it wasn't tracking iPhones, just what some people are doing in the Safari browser.

On the Internet Explorer side of things, Google argued that Internet Explorer's P3P cookie technology is "widely non-operational." Google also mentioned Facebook and Amazon's use of P3P bypass, and that P3P doesn't support Google's modern Web services. The P3P standard is now out of date, said Google.

"Microsoft omitted important information from its blog post today," said Google. "Microsoft uses a 'self-declaration' protocol (known as P3P) dating from 2002 under which Microsoft asks websites to represent their privacy practices in machine-readable form. It is well known -- including by Microsoft -- that it is impractical to comply with Microsoft's request while providing modern web functionality. We have been open about our approach, as have many other websites."

You still ignore the facts that were posted earlier in the thread so I'll post the URL again and pay attention to the date. IE has had this known issue since well...forever and they chose to ignore it. So it's Microsoft's fault.

You also (conveniently) didn't answer my question though. If Firefox and Chrome explicitly block 3rd party cookies no questions asked why do IE and Safari not do the same? That takes the issue and points is squarely at the web browsers, not at Google or the other websites out there that use this "loophole".

I love how you can never answer a simple question when the answer makes your precious Apple look rotten. Especially when Webkit did this to themselves by relaxing the policies in March 2010 and didn't bother implementing the fix submitted by Google developers back in August 2011.

What about the fact that Microsoft's own support page recommended people do exactly what Google is doing? Which is also what Microsoft's site does, as does Facebook.

The only reason Microsoft came out with this information was to jump on the "I hate Google" bandwagon and make Google look bad. Instead all it's done is show that IE is still outdated and insecure as is Safari.